-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/43331/#review118259
-----------------------------------------------------------
Ship it!
This looks good, but you might want to add the following to
`ambari-web:app/data/HDP2/site_properties.js` to make sure the UI renders
properly with this new property.
```
{
  "name": "manage_auth_to_local",
  "serviceName": "KERBEROS",
  "filename": "kerberos-env.xml",
  "category": "Advanced kerberos-env",
  "index": 14
},
```
After (`app/data/HDP2/site_properties.js:1511`)
```
{
  "name": "case_insensitive_username_rules",
  "serviceName": "KERBEROS",
  "filename": "kerberos-env.xml",
  "category": "Advanced kerberos-env",
  "index": 13
},
```
- Robert Levas
On Feb. 8, 2016, 12:58 p.m., Dmitro Lisnichenko wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/43331/
> -----------------------------------------------------------
>
> (Updated Feb. 8, 2016, 12:58 p.m.)
>
>
> Review request for Ambari and Robert Levas.
>
>
> Bugs: AMBARI-14961
> https://issues.apache.org/jira/browse/AMBARI-14961
>
>
> Repository: ambari
>
>
> Description
> -------
>
> As part of the kerberization process, a specific auth_to_local ruleset is
> used.
>
> The customer uses the "Manual" method of Kerberizing their clusters. The
> addition of the custom auth_to_local rules is added as a step in the process.
>
> We found that during certain operations (such as moving the NameNode using
> the Ambari wizard), many services such as HDFS fail to restart. Upon
> examination of the failure it was revealed that Ambari is overwriting /
> modifying the custom auth_to_local rules to something completely different.
> The change is getting pushed to the nodes and the services fail to start up.
>
> 1) Secure the cluster using the "Manual" process as outlined in the Ambari
> documentation.
> 2) Add the custom auth_to_local rules after the cluster is kerberized.
> 3) Attempt to perform an operation such as moving a NameNode.
>
> Whenever services try to start / restart they fail. The logs from the
> respective services show failures pointing to incorrect auth_to_local
> settings.
>
> auth_to_local rules do not get modified or overwritten by Ambari.
>
> Depending on the failure, we have been able to work around it doing one of
> two things:
> 1) Manually edit the core-site.xml where the service failed to start and
> start the service from the command line.
> 2) Go back into the Ambari UI, fix the auth_to_local rules, save the config,
> then restart the respective services.
>
>
> Diffs
> -----
>
>
> ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
> b94da70
>
> ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml
> c76e45a
>
> Diff: https://reviews.apache.org/r/43331/diff/
>
>
> Testing
> -------
>
> mvn clean test
>
>
> Thanks,
>
> Dmitro Lisnichenko
>
>